Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=report-message-summary

Message Summary report

The Message Summary report details the email messages processed by Sophos Email for your protected mailboxes.

This option is only available if your license includes Sophos Email.

To see the report, go to Reports > Email Security > Message Summary.

All scanned messages are shown in the report by default.

The Message Summary report uses interactive reporting. You can select and deselect category legends in the chart to focus on the categories you're most interested in. You can click the table entries to go to the Message History report for more information.

Filters

You can filter the report by type, date range, how the data is summarized, and message direction.

By default, the report shows inbound messages from the last 30 days, but you can select any date range up to 365 days.

If you have domains connected with Sophos Gateway and Sophos Mailflow, use the Type drop-down menu to view messages from one or both email delivery methods.

The Summarise by drop-down menu lets you select how the data is grouped in the report. You can summarize your report using the following options:

  • Category – Groups messages based on verdicts such as malware, spam, impersonation, and legitimate.
  • TLS Encryption – Groups messages based on their encryption status.

The Direction drop-down menu lets you select whether to view inbound or outbound messages.

Chart

The chart shows you at a glance the number of messages that were processed per day.

You can hover over the chart to see the daily message breakdown. You can also select and deselect chart legends to include or exclude categories from the chart. You can then focus on the categories that most interest you.

You can also click Hide graph to hide the chart.

Table

The message table shows the number of email messages processed for each date listed. It reflects the selected date and all message types. You can sort the columns by category.

You can click any linked number to go to Message History for the messages that failed that scan type on that day. See Message History Report.

Go to the tabs to learn more about the messages grouped by threat category or encryption method.

Inbound messages are categorized as follows:

  • Realtime blocked: Messages from blocked sending IP addresses.
  • Enterprise blocked: Messages sent from an address that has already been added to the enterprise blocklist (Inbound Allow/Block).
  • Malware: Messages containing known malware.
  • Unscannable: Messages we couldn't scan for threats.
  • Intelix threat: Messages identified as threats by SophosLabs' Intelix service.
  • URL/QR Code: Messages containing malicious URLs or QR codes linked to unsafe or criminal websites.
  • Impersonation: Messages that fail Impersonation Protection checks.
  • Spam: Messages containing known spam characteristics.
  • Bulk: Newsletters, mailing lists, and other forms of solicited email.
  • Authentication failure: Messages that failed authentication DMARC, SPF, or DKIM checks.
  • Data control: Messages that violated Data Control policies.
  • Legitimate: Messages classified as clean and therefore delivered.

Outbound messages are categorized as follows:

  • Malware: Messages containing known malware.
  • Spam: Messages classified as spam.
  • Data control: Messages that violated Data Control policies.
  • Secure Message: Messages secured by TLS, S/MIME, Push Encryption, or Portal Encryption.
  • Legitimate: Messages classified as clean and therefore sent.

Note

You can't click Realtime blocked messages because they aren't included in the Message History report. These messages are blocked early in the scanning process, during the SMTP command, so there's little information available.

Inbound and outbound messages are categorized by the following encryption statuses:

  • Unencrypted: Messages delivered without TLS encryption.
  • TLS v1.2: Messages encrypted using TLS version 1.2.
  • TLS v1.3: Messages encrypted using TLS version 1.3.

Schedule a report

You can schedule regular Message Summary reports to be sent via email to selected admins.

For information on scheduling a report, see Schedule reports.

Export a report

You can export a Message Summary report that contains a record of activities for a selected date range or just for the last 90 days. The exported file contains all applied filters at the time of export.

Click Export to download the report as a CSV or PDF file.